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ABSTRACT 

The purpose ot dynamic modeling and simulation of 
Advanced Life Support (ALS) systems is to help design 
them. Static steady state systems analysis provides basic 
information and is necessary to guide dynamic modeling, 
but static analysis is not sufficient to design and compare 
systems. ALS systems must respond to external input 
variations and internal off-nominal behavior. Buffer 
sizing, resupply scheduling, failure response, and 
control system design are aspects of dynamic system 
design. We develop two dynamic mass flow models and 
use them in simulations to evaluate systems issues, 
optimize designs, and make system design trades. One 
model is of nitrogen leakage in the space station, the 
other is of a waste processor failure in a regenerative life 
support system. 

Most systems analyses are concerned with optimizing 
the cost/benefit of a system at its nominal steady-state 
operating point. ALS analysis must go beyond the static 
steady state to include dynamic system design. All life 
support systems exhibit behavior that varies over time. 
ALS systems must respond to equipment operating 
cycles, repair schedules, and occasional off-nominal 
behavior or malfunctions. Biological components, such 
as bioreactors, composters, and food plant growth 
chambers, usually have operating cycles or other 
complex time behavior. Buffer sizes, material stocks, and 
resupply rates determine dynamic system behavior and 
directly affect system mass and cost. Dynamic simulation 
is needed to avoid the extremes of costly over-design of 
buffers and material reserves or system failure due to 
insufficient buffers and lack of stored material. 

INTRODUCTION 

Modeling systems behavior is not merely useful, it is 
unavoidable. All human projections about the future, 
reasoning that “If I do this, then that will happen,” are 
based on models of how the world works. Most everyday 
models are unconscious, qualitative, and influenced by 
implicit factors. Engineers and scientists are trained to 
use explicit, quantitative, mathematical models based on 
data and physical laws to predict how systems will 
perform. 


Most of the systems models that everyone uses are 
static rather than dynamic. Static models apply when 
systems are operating continually in their steady state, 
their external inputs do not vary, and their internal 
configurations remain unchanged. Static systems 
analysis is necessary and should always be done before 
dynamic modeling and simulation. There are several 
good reasons to use static models. First, static models 
are much simpler than dynamic models. Many system 
behaviors and potential problems can be ignored in static 
analysis. Second, the static steady state performance of 
a system is its desired product, the reason it is built. 
Static performance is the most important single aspect of 
any system, unless it has a dangerous potential for 
causing harm. The third reason for relying on static 
models is that the traditional approach to engineering 
design is to limit the system performance requirements 
and then over-design the hardware to guarantee the 
desired steady state performance. Dynamic behavior can 
be largely suppressed by costly but simple brute force 
design. 

Nonetheless, dynamic modeling and simulation is 
absolutely necessary. The most casual observation of 
the real world shows that things change continually and 
often drastically. Change can not be ignored. A so-called 
“surprise” occurs whenever the real world does not 
conform to our mental model of it. If we are not to be 
disconcerted by changes in the real world, we need to 
explore dynamic models that include the causes and 
effects of change. 

Two particular aspects of ALS systems engineering, 
buffer sizing and controls design, stand out as obviously 
requiring dynamic modeling and simulation. If we have an 
integrated life support system with each subsystem and 
component operating constantly at matched steady state 
rates, no buffering is needed. But if some material flow or 
processing function is interrupted, the system quickly 
fails. Spare material and processing capacity is needed 
but static analysis does not indicate this. The processing 
rates and buffer size to accommodate intermittent 
resource inputs and demands, batch processing, down 
times, etc., can be determined only by dynamic modeling 
and simulation. The crude approach to system controls is 
to design a system using static steady analysis, then add 
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on some buffering and a control system in an attempt to 
keep the system at steady state. The correct approach is 
to design a dynamic system that can operate within the 
expected changing requirements and varying 
environment and can compensate for hardware 
changes, maintenance and repair down times, etc. The 
system and its controller must be designed and 
optimized together, using dynamic simulation. The ALS 
system processors must have off/on capability and 
variable processing rates (including rates above nominal 
steady state) to allow the control system to compensate 
for demand changes, failures and down time. 

Most ALS analysis is static. (Drysdale et al. 1993) 
(Drysdale et al. 1994) (Finn 1998) (Jones 2003) A small 
portion is dynamic. (Finn 1 999) Previous work reviewed 
the potential for system dynamics and nonlinearities to 
cause unacceptable performance and damaging 
instability in ALS systems. (Jones 2001) (Jones 2002) 
Dynamic modeling is needed. We can not consider 
processing cycles, processor scheduling, supply and 
demand variations, transients, statistical variations, 
interruptions, and failures, without dynamic modeling 
and simulation. We can not design buffers, controls, or 
variable rate processors without dynamic modeling and 
simulation. 

SPACE STATION NITROGEN LEAKAGE 

The methodology of dynamic modeling and simulation 
and its relation to static steady state modeling is 
demonstrated by a study of nitrogen leakage and 
resupply. Probably the simplest life support task is 
providing nitrogen for use as an atmospheric buffer gas. 
Nitrogen is not consumed, recycled, or generated, it only 
leaks into space and is resupplied. 

STATIC ANALYSIS OF NITROGEN LEAKAGE 

The atmosphere composition at sea level is 21% oxygen 
and 79% nitrogen and the same composition is usual for 
space missions. If we allow for the leakage of ten space 
station elements, one equipment airlock cycle per week, 
and one crew airlock cycle per day, the estimated space 
station atmosphere leakage is 3.59 kg per day, including 
2.84 kg of nitrogen. The nitrogen resupply rate must be 
equal to the leakage rate of 2.84 kg per day. Once we 
allow the additional mass needed for resupply tankage, 
the static steady state analysis of nitrogen resupply is 
complete. We know the mass of resupply nitrogen for a 
space station mission of any duration. 

Static analysis matches the average use rate to the 
resupply or regeneration rate. It uses EXCEL or back-of- 
the-envelope calculations and is a quick, useful, 
necessary first step in analysis. But static analysis is not 
sufficient. 

We must consider the resupply timeline in order to size 
the shuttle and station nitrogen buffer tanks. If we 


assume a shuttle flight every 90 days, each flight must 
bring 256 kg of nitrogen. Adding a 30-day contingency, 
the total station nitrogen storage needed is 341 kg. (See 
the Appendix - analysis notes, item [1], for complete 
details of this analysis.) 

NOMINAL DYNAMIC NITROGEN BALANCE 

A Matlab/SIMULINK model was developed that includes 
the ten element space station nitrogen gas volume, the 
leakage, the airlock losses, and the nitrogen tanks that 
are refilled by Shuttle. We initially assumed constant 
leakage, one equipment airlock cycle per week, and one 
crew airlock cycle per day with the nitrogen losses above. 

The nitrogen leakage and resupply model behavior is 
shown in figure 1 below. 
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Figure 1. Nitrogen tank storage and resupply with a 
constant loss rate. 


The accumulated nitrogen loss increases at a constant 
rate from 0 at day 0 to 341 kg at day 120. The loss is due 
to the constant leakage, the daily crew Extra-Vehicular 
Activity (EVA), and the weekly equipment transfer 
through the airlock. The nitrogen storage in tanks 
decreases from 341 kg at day 0 to 85 kg at day 90, when 
a resupply of 256 kg from shuttle tanks increases storage 
to 341 kg and restores the original station supply. This 
basic dynamic modeling and simulation defines the 
resupply tank sizes as well as steady state resupply rate. 

OFF-NOMINAL DYNAMIC NITROGEN 
BALANCE 

Modeling and simulation are even more necessary when 
we consider the effects and responses to off-nominal 



conditions. Suppose the following failure scenario 
occurs: 

1 . A large amount of nitrogen (98.8 kg) is lost on day 30 
due to a failure fully depressurizing one of the ten 
station elements. 

2. After restoring pressure, the leakage rate of the 
damaged element is found to have increased from 
0.18% to 1 .0 %, adding 0.81 kg/day more leakage. 

3. The crew EVAs and equipment transfers through 
the airlock must be maintained. 

4. The next nitrogen resupply by shuttle is increased to 
400 kg but must be delayed 1 0 days to day 1 00. 

We modify the SIMULINK model to include these off- 
nominal events. The model behavior is shown in figures 
2 and 3 below. 
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Figure 2. Habitat nitrogen and storage input for off- 
nominal nitrogen loss. 


The upper trace in figure 2 shows the total nitrogen in 
the ten habitable elements of the space station. The total 
nitrogen is constant at 988 kg until the element 
depressurization event on day 30. The lower trace is the 
accumulated nitrogen provided to the habitable 
elements from the storage tanks. The input from storage 
usually increases at a constant rate but jumps by 98.8 kg 
at day 30 to quickly repressurize the damaged element. 
The storage tanks are all empty at day 75, so the nitrogen 
pressure in the habitable elements decreases until it is 
about 10% below nominal. At day 100, the 400 kg 
resupply arrives and is used partly to restore habitat 
pressure and partly left in tanks for future use. Figure 3 
below shows the nitrogen storage in the station tanks. 
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Figure 3. Nitrogen storage in tanks for off-nominal 
nitrogen loss. 


Note that, even though the total resupply brought up in 
shuttle tanks is 400 kg, about 100 kg is used immediately 
to increase habitat pressure. This leaves only about 300 
kg to be stored in station tanks to compensate for 
leakage and airlock cycling until the next resupply. Do we 
have enough? Not unless we reduce airlock use. The 
new off-nominal use rate is 3.65 kg/day, so 300 kg lasts 
only 82 days. We would need 329 kg for 90 days. 

In these examples of nitrogen loss, the oxygen loss is 
26.6% of the nitrogen loss. For the nominal case this is 
0.76 kg/day, and for the off-nominal case it increase to 
0.97 kg/day after the chamber de- and re-pressurization. 
These numbers are similar to the oxygen consumption 
per crewmember per day, which averages 0.84 kg/day 
but varies from 0.65 to 1 .5 kg/day. (Reed and Coulter, p. 
122) (Wieland, p. 6.) The nominal oxygen leakage is 
equivalent to having an additional crewmember and can 
not be ignored. Any atmosphere loss will impact the 
oxygen system. 

NITROGEN LEAKAGE SUMMARY 

Static analysis matches the average use and resupply 
rates. Static analysis is a quick, useful, necessary first 
step, but it is not enough. Nominal dynamic analysis is 
needed to define buffers sizes and to plan scheduling or 
design operational procedures to provide resupply. 
Additional dynamic analysis is needed to simulate failures 
and plan responses. 

The above space station nitrogen leakage example is 
very simple. The complexity of a dynamic simulation is 
determined by the number of interconnected buffers or 
storage elements. In this nitrogen example we have two 





connected buffers, the station nitrogen storage tanks 
and the station pressurized volume itself. 

Dynamic systems with only one or two storage buffers 
connected by feedback loops can show complex 
behavior. Typical advanced life support systems are 
much more complex. The Matlab/SIMULINK model of a 
complete bioregenerative system has 30 storage 
buffers. (Finn 1999) These are crew chamber 
atmosphere, crew chamber atmosphere leakage, 
biomass chamber atmosphere, biomass chamber 
atmosphere leakage, biomass nutrient tank, eight crop 
trays’ biomass, five different crops’ storage, inedible 
biomass storage, oxygen tank, carbon dioxide tank, 
methane tank, waste carbon store, waste water tank, 
clean water tank, bioreactor sludge tank, solid waste 
tank, solid waste chamber atmosphere, solid waste 
chamber atmosphere leakage, and nitrogenous waste 
tank. The next example of static analysis followed by 
dynamic modeling and design is of a simple closed 
biological life support system with five storage buffers. 

WASTE PROCESSOR FAILURE IN A 
BIOREGENERATIVE SYSTEM 

This analysis was inspired by a very simplified abstract 
model of an ecological life support system described in 
an early paper by Babcock, Auslander, and Spear 
(1984). We investigate the behavior of a fully closed life 
support system with a waste processor failure. The three 
processors in the system are the crew, plant growth 
chamber, and a waste processor. The system has only 
five types of material flow streams. These are edible 
biomass or food, inedible biomass or waste, oxygen, 
carbon dioxide, and water. There are storage tanks for 
food, inedible plant waste, oxygen, carbon dioxide, and 
water. Additional biomass, oxygen, and carbon dioxide 
are contained in the plant and crew chambers. 

The original paper of Babcock et al. uses combined 
material flows. All processors and buffers receive and 
produce tailored mixed flows of food, waste, oxygen, 
carbon dioxide, and water. Because the mixed flows 
contain solid, liquid, and gas, the system hardware 
design and failure behavior is not intuitive. This reduces 
the apparent relevance of the simulation results. Here we 
separate the material flows. 

BIOREGENERATIVE SYSTEM DESCRIPTION 

We assume a highly simplified closed regenerative 
human ecosystem. Its three chemically active processors 
are plants, humans, and a waste oxidizer. The plants are 
primary producers, using light energy to combine carbon 
dioxide and water in order to produce glucose and 
oxygen. The humans metabolize the glucose using 
oxygen, converting these inputs to carbon dioxide and 
water. One producer and one consumer form the 
simplest possible closed ecological system, but we will 
assume that the plants produce glucose that is half 


edible and half in waste biomass. The waste oxidizer 
converts the inedible glucose to carbon dioxide and 
water using oxygen. See the system block diagram in 
figure 4 below. 



Figure 4. Simple closed ecological life support system 


SYSTEM PROCESSOR CHEMICAL EQUATIONS - Plant 
photosynthesis uses the following chemical reaction: 

6 CO 2 + 6 HgO ^ C 6 H.,0 6 + 6 O 2 

The relative masses can be found using the molecular 
weights. As the molecular weight of hydrogen is 1, 
carbon is 12, and oxygen is 16, we have the following 
total molecular weights: 

264 + 108 ^ 180+192 =372 

We assume human metabolism is equal to the complete 
oxidation of glucose. The reaction is: 

C 6 Hi 2 0 6 ® O 2 ^ 6 CO 2 + 6 H 2 O 

This is simply the inverse of photosynthesis. The waste 
oxidizer produces exactly the same reaction as the 
humans. Photosynthesis requires input energy, while 
human metabolism and waste oxidation produce energy. 

SYSTEM MATERIAL FLOWS - Some of the oxygen and 
carbon dioxide are contained in the closed system 
atmosphere and circulate freely between the three 
processors, plants, humans, and waste oxidizer. We 
assume the water produced by human metabolism and 
waste oxidation enters the atmosphere as water vapor 
and is condensed and returned to the plants. We ignore 
other human waste. Large amounts of water are required 
for drinking, plant growth, and human hygiene. We will 
assume that these other three water streams are 
recycled independently and consider only recycling the 
relatively small amount of water involved in 
photosynthesis, human metabolism, and waste 
oxidation. The plants gradually produce first inedible and 







then edible biomass, which we treat as pure glucose. At 
maturity, the plants are harvested and the edible and 
inedible biomass is separately stored. 

SYSTEM STORAGE BUFFERS -The five materials used, 
edible biomass or food, inedible biomass or waste, 
carbon dioxide, oxygen, and water are stored in the 
system. Inedible and edible biomass are first contained in 
the plants, then harvested and stored in the food and 
waste buffers. Carbon dioxide and oxygen are stored 
largely in tanks, with some in the atmosphere. The 
human metabolic water is stored in a tank, with drinking, 
plant, and hygiene water. 

PROCESSOR OPERATIONS - We consider the crew, 
the plants and the waste processor. 

Crew -The objective of the closed life support system is 
to provide the crew with oxygen, water, and food. Any 
failure to provide the full requirement is a serious 
problem. Under failure scenarios, the crew could survive 
with temporarily reduced food. Metabolic water is 
insignificant compared to drinking, plant, and hygiene 
water, so it’s loss is unlikely to be a critical failure. Oxygen 
is an urgent need. Maintaining low carbon dioxide levels, 
less than a few thousand parts per million, is mandatory. 
(Wieland, p. 184-5) 


The average photosynthetic rate over the 60 days 
shown in figure 5 is 5/6 of the peak rate. Later we 
consider the effect of a waste processor failure and 
reduced carbon dioxide on plant growth. The total plant 
growth is limited to the amount possible using the carbon 
dioxide available in the atmosphere. Metabolic water is 
assumed always available. Plant growth may be affected 
by light energy and other factors. If the amount of 
inedible biomass, the light collecting canopy, is reduced 
due to some problem in the first 35 days, the 
subsequent production of edible biomass is reduced 
proportionately to the loss in inedible biomass. 

Waste processor - The waste oxidizer is needed to 
convert waste biomass into carbon dioxide for the plants. 
If it were not available, waste biomass would accumulate, 
and ultimately all carbon would be sequestered in waste. 
We assume an incinerator that performs a daily burn 
designed to maintain a fixed buffer level of carbon 
dioxide. Because of the large buffer of atmospheric 
oxygen, the oxygen needed for waste processing is 
always available. The waste processor controller monitors 
the stored carbon dioxide. It requests and burns waste 
daily when the plants are strongly photosynthesizing. 
The produced carbon dioxide is stored and released 
gradually to avoid excessive atmospheric carbon dioxide 
levels. 


Plants - We will assume one tray of food plants, all 
planted at the same time. The plant growth cycle will be 
something like wheat, with a 60-day growth period and a 
50% harvest index, except that the assumed plant 
produces only edible and inedible glucose. From day 0 
to 20, the plants exhibit a straight-line increase in 
photosynthetic rate. On day 20 they establish a full 
canopy and the maximum photosynthesis and biomass 
production rate. In the first 20 days they produce 20% of 
final biomass, all inedible. From day 21 to 35, another 30 
% of the final biomass is produced, all inedible. From day 
36 to 60, the last 50% of biomass is produced, all edible. 
(Volk et al.) (Jones et al.) The assumed plant 
photosynthetic rate over time is shown in figure 5 below. 
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Figure 5. Plant photosynthetic rate over time. 
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SYSTEM PERFORMANCE ISSUES - Can this closed 
system survive temporary failures of the waste 
processor? This will depend on the storage capacities, 
the amount and distribution of initial material in the 
system, and the failure recovery strategy. How exactly do 
the initial storage sizing and the material allowances 
affect the system survivability? What is the least costly 
way to reduce the harm of potential failures? Do control 
algorithms provide a low cost approach to increasing 
survivability? 

INITIAL STATIC SYSTEM DESIGN 

Before we can simulate dynamic behavior, we must 
design the system in more detail. As is usual, the initial 
mass flow will be based on static steady state systems 
analysis. Then we investigate the nominal dynamics to 
size the storages and then add a waste processor control 
designed to maintain the system at steady state. 

SYSTEM FLOW SIZING - The system flow rates are 
shown in moles in Table 1 below. The rates are 
determined by the system processor chemical equations 
above. Negative numbers indicate the processor 
outputs, and positive the inputs. By using moles flow per 
day, we can check the mass balance easily. 



Table 1. Average processor input and output flows 
(moles/day) 


\processors 

flows\ 

plants 

crew 

waste 

processor 

edible biomass 

-90 

+90 


inedible biomass 

-90 


+90 

oxygen 

-192 

+96 

+96 

carbon dioxide 

+264 

-132 

-132 

water 

+ 108 

-54 

-54 


The edible and inedible biomass flow rates are the 
average rates over the 60-day plant growth cycle. 
Referring to figure 5, we see that the average edible and 
inedible biomass production rates are 25/60 = 5/12 of 
the peak biomass production rate. 

As a real world mass reference point, a material flow of 
one mole per day scales to about eight grams per 
crewmember per day. The standard crewmember daily 
metabolic inputs and outputs include 0.84 kg of oxygen 
and 1 .00 kg of carbon dioxide per day. (Wieland, p. 6) 
(Reed and Coulter, p. 122) If 0.84 kg of oxygen 
corresponds to 96 moles, we have 8.8 grams per mole. If 
1.00 kg of carbon dioxide corresponds to 132 moles, we 
have 7.6 grams per mole. The correspondence is not 
exact because this simplified model ignores the details of 
human metabolism. 

NOMINAL DYNAMIC ANALYSIS 

We next consider buffer sizing for the steady state, for 
start up, and over the plant growth cycle. 

STORAGE SIZING - To size the system storages, we 
must consider the system operational modes. We 
investigate average steady state operation, the initial 
startup, and system shut down and restart. 

For the average steady state operation, we assume 
constant photosynthesis at 5/6 the peak rate. The 
oxygen, carbon dioxide, and metabolic water flows of the 
plants are exactly balanced by the crew and waste 
processor. Oxygen and carbon dioxide are continually 
exchanged through the crew and plant chamber 
atmosphere. No storage is needed. The water produced 
by crew metabolism and waste oxidation is condensed 
and added to the plant hydroponics solution. No 
additional water storage is needed. Unlike the 
continuous exchange of gases and water, the harvest of 
solid material is a discrete event. At harvest, the plants 
produce 60 days food. This is 60 days * 90 moles per day 
per crewmember = 5,400 moles per crewmember. This 
must be stored. An equal amount of waste biomass is 
produced and stored at the same time. After harvest, the 
crew and waste processor draw down the stocks of food 
and waste continuously over the next 60 days. 


The initial start up, still assuming the average steady 
state, requires that 60 days food and 60 days waste be 
provided in storage. We do not need to provide 60 days 
oxygen to metabolize the food or oxidize the waste, as 
the plants will continually provide the oxygen needed. 
Since it is unlikely that waste will be provided initially, we 
consider supplying the waste processor products of 
carbon dioxide and water for plant input. There are two 
problems. The mass of carbon dioxide and water is more 
than double the mass of waste they replace, because of 
the additional oxygen they contain. Half of the oxygen 
produced by the plants will not be needed for waste 
processing and must be perpetually stored. It is more 
efficient to simply fill the food and waste storage at initial 
start up, just as if we were at the end of a harvest cycle. 

This means that we can shut down the system 
immediately after a harvest and remove the crew, and 
then return the crew and restart the system at some 
indefinite later date. Average steady state operation, 
including initial start up, shut down, and restart requires 
only the storage of 60 days food and 60 days waste. 
Steady state analysis indicates that we need storage 
buffers only for the edible and inedible biomass, each of 
5,400 moles. 

BUFFERING OVER THE PLANT GROWTH CYCLE - We 
also consider the buffering needed to compensate for 
the variation of photosynthesis over the crop cycle. 
Because photosynthesis increases only gradually after 
planting, there is an initial low level of plant production of 
oxygen and plant use of carbon dioxide and water. This 
transient must be smoothed by buffering. We supply 
stored oxygen to the crew and store the crew-produced 
carbon dioxide and water. Later in the plant growth cycle, 
the plants use more than the average amount of carbon 
dioxide and water and produce more than the average 
oxygen, so the buffers can be returned to their initial 
condition. The amount of buffering is reduced because 
waste processing is scheduled only when the plants ae 
at peak photosynthesis, producing more oxygen and 
requiring more carbon dioxide than the crew can match. 

The plants will be producing oxygen and using carbon 
dioxide and water at the maximum rate after 20 days, after 
a uniform increase in photosynthetic rate from day 0. See 
figure 5 above. The average photosynthetic rate is 5/6 of 
the maximum rate, and is achieved in 5/6 of 20 days, at 
day 16.7. The plants reach one-half the average 
photosynthetic rate at day 8.3. This means that the 
plants are able to supply all the crew oxygen and to use 
all the crew produced carbon dioxide and metabolic 
water. After day 8.3 the oxygen, carbon dioxide, and 
water buffers gradually return to their initial levels. Before 
day 8.3 the plants do not produce enough oxygen for 
the crew and do not use all the carbon dioxide and 
metabolic water produced by the crew. The net excess 
of carbon dioxide and water, and the deficit of oxygen, 
are half of 8.3 days average crew use, or 548 moles of 
carbon dioxide, 224 moles of water, and 398 moles of 




oxygen. The excess carbon dioxide and water must be 
stored for later use and the currently needed oxygen 
must be provided from storage. The required minimum 
buffer sizes and initially stored amounts are shown in 
moles in Table 2 below. 

Table 2. Minimum buffer sizes and initial materials (moles) 



buffer 

size 

initial 

stock 

edible biomass 

5,400 

5,400 

inedible biomass 

5,400 

5,400 

oxygen 

398 

398 

carbon dioxide 

548 

0 

water 

224 

0 


On harvest day, 10,800 moles of plant biomass are 
transferred to storage. This is equal to the initial supply of 
biomass. Including the oxygen and the initial biomass, 
the system working material mass is 11,198 moles. (See 
the Appendix - analysis notes, item [2], for a discussion 
of staggered planting.) 

PRACTICAL BUFFER SIZING - An operational system 
needs something more than the minimum storage 
capacity and initial material in order to buffer random 
fluctuations and to provide some reserve for down time. 
Oxygen and carbon dioxide are contained in the crew 
and plant chambers, but the required oxygen and carbon 
dioxide buffers of Table 2 are large compared to the 
atmospheric gas content. (See the Appendix - analysis 
note [3], for the oxygen and carbon dioxide in the 
atmosphere.) 

We can not eliminate the oxygen and carbon dioxide 
buffers and use the atmosphere as a buffer. Instead, it 
would be reasonable to provide larger buffers containing 
an initial stock of ten day’s oxygen and ten days carbon 
dioxide. Referring to the use rates in Table 1, this is 
1,920 moles of oxygen and 2,640 moles of carbon 
dioxide. Since 548 moles of carbon dioxide will 
accumulate during initial startup, we increase the buffer 
size by this much, to 2,640 + 548 = 3,188. 

Water circulates in the drinking, crew hygiene, and plant 
hydroponics systems. The daily flow of drinking and 
hygiene water is roughly thirty times the crew metabolic 
water flow. (See the Appendix - analysis note [4], for a 
discussion of drinking and hygiene water.) The required 
mass of plant hydroponics water is equivalent to more 
than a hundred years plant metabolic use. (See the 
Appendix - analysis note [5], for a discussion of plant 
chamber water.) 

Because of the large amount of drinking, hygiene, and 
hydroponics water, storing and buffering human 
metabolic water is not a problem. In the simulations, we 


use a large buffer size of 20,000 moles and an initial 
stock of 10,000 moles, so that no shortages or overflows 
occur. 

However, to correctly estimate the cost of the life support 
system, we count only the water stock and buffer size 
needed for life support. The metabolic water is similar to 
carbon dioxide, produced by the crew and waste 
processor and used by the plants. We need a buffer 
containing an initial stock of ten day’s metabolic water, 
1,080 moles. Since 224 moles of metabolic water will 
accumulate during initial startup, we increase the buffer 
size by this much, to 1 ,080 + 224 = 1 ,304 moles. 

If we provide an additional ten days edible and inedible 
biomass, the amounts increase from 60*90 = 5,400 to 
70*90 = 6,300 moles. The practical buffer sizes and 
initially stored amounts are shown in moles in Table 3 
below. 


Table 3. Practical buffer sizes and initial material(moles) 



buffer 

size 

initial 

stock 

edible biomass 

6,300 

6,300 

inedible biomass 

6,300 

6,300 

oxygen 

1,920 

1,920 

carbon dioxide 

3,188 

2,640 

water 

1,304 

1,080 


The total system buffer size is 19,012 moles and the 
system working material mass is 18,240 moles. These 
amounts will be used below to estimate system cost. 

SYSTEM BEHAVIOR AND CONTROL - We consider the 
behavior and control of the crew, plants, waste processor 
and chamber atmosphere. 

Crew - We assume the crew receives an input of 90 
moles of edible glucose and 96 moles of oxygen per 
crewmember per day, as in Table 1 . Each crewmember 
produces 1 32 moles of carbon dioxide and 54 moles of 
metabolic water. If the edible input is reduced, we 
assume the same use of oxygen and production of 
carbon dioxide and water, made possible by 
metabolizing body tissue. 

Plants - The plants convert carbon dioxide and water to 
glucose and oxygen, as in Table 1. All plants will be 
harvested and replanted every 60 days. If the plants are 
damaged or destroyed due to some system failure, they 
may be replanted as soon as the failure is repaired. 

Waste processor - Like the crew, the waste oxidizer 
converts glucose and oxygen to carbon dioxide and 
water, as in Table 1. The waste processor controller 
monitors the carbon dioxide stored in the buffer. It 




requests and burns some amount of waste daily when 
the carbon dioxide buffer is at less than the initial 2,640 
moles. 

Atmosphere - The flows of oxygen and carbon dioxide 
are large compared to the amounts stored in reasonably 
sized crew and plant chambers. We do not have the large 
atmosphere buffers sometimes envisioned in ecological 


life support. The system operation requires processors 
that remove oxygen or carbon dioxide from the 
atmosphere and store them in buffers. 

NOMINAL DYNAMIC SIMULATION 

The dynamic behavior of the closed system under 
nominal conditions is shown in figure 6 below. 


moles 



Figure 6. Initial design, nominal operation. 


The edible biomass decreases in a straight line from 
6,300 moles to 900 moles as the crew consumes it. The 
inedible biomass remains constant at 6,300 moles until 
day 1 9 and then decreases in a straight line to about 
1,100 moles as the waste processor burns it to produce 
carbon dioxide and water. The edible and inedible 
biomass both return to their initial values after harvest on 
day 61 . The carbon dioxide increases from 2,640 moles 
to 3,188 moles on day 7, as the crew produces more 
than the plants use, then decreases to the set level of 
2,640 moles on day 21. The oxygen decreases from 
1,920 moles to 1,522 moles on day 8 as the crew 
produces more than the plants use, then increases back 
to 1,920 on day 18. The metabolic water, not shown, 
behaves similarly to the carbon dioxide. 

SIMULATION OF A WASTE PROCESSOR 
FAILURE 

A 14-DAY FAILURE - Assume that the waste processor is 
inoperative for some period. The purpose of the waste 


processor is to produce half of the carbon dioxide used 
by the plants. If the waste processor fails, we may not be 
able to maintain the target storage level of carbon 
dioxide. This will not affect plant growth unless the 
storage becomes completely empty. The initial supply of 
carbon dioxide of ten days’ average plant use, 
supplemented by the crew production of half of the 
average plant use, will last 14.3 days during peak 
photosynthesis. (Appendix - analysis note [6]) 

The waste processor is not needed at all before peak 
photosynthesis. After initial planting, the crew produces 
excess carbon dioxide that lasts until near canopy 
closure, as shown in figure 6. Instead of producing more 
carbon dioxide, we must remove much of the crew- 
produced carbon dioxide from the atmosphere and store 
it during the first 21 days. 

Suppose we have a fourteen-day waste processor failure 
beginning sometime after day 21 and ending before day 
60. The carbon dioxide in the buffer will last just until the 



waste processor is repaired. Then the waste processor 
controller automatically burns enough waste to return the 
carbon dioxide storage to its normal level. The plants and 
the edible and inedible harvest they produce are not 
affected. But there is a significant problem. While the 
waste processor was inoperative, the plants continued to 
produce the oxygen that the waste processor normally 
uses. Since the oxygen buffer was already full with the 
initial stock, there is nowhere to store the oxygen the 
plants produce. It all must be vented and lost. After the 


waste processor is repaired, most of the initial oxygen 
store is used to burn waste and replenish the carbon 
dioxide storage. During the beginning of the next 
planting cycle, when the plants are not producing much 
oxygen, there is no stored oxygen to support the crew. 

The behavior of the closed system with a waste 
processor failure on day 31 lasting until day 44 is shown 
in figure 7 below. 
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Figure 7. Initial design, waste processor failure on day 30 repaired on day 44. 


From day 31 to 44, the carbon dioxide store decreases 
to zero while the inedible biomass store remains 
constant. After day 44, carbon dioxide is restored to its 
previous level while the waste storage is reduced to the 
usual amount for that day. (Appendix - analysis note [7]) 
Oxygen is reduced to a low level. On day 61 , just after 
the plants are harvested, the stored oxygen drops to 
zero. 

A second failure of fourteen days or less does not have 
any additional harmful effect. After the first failure, the 
oxygen buffer has enough spare capacity to 
accommodate all the oxygen produced when the waste 
processor is inoperative. 

There are several things we can do to increase the 
system tolerance to a waste processor failure. We could 


increase the oxygen buffer size so it could hold the 
oxygen produced by the plants that is not used during 
the initial failure. We could stop waste processing if it 
would not leave enough stored oxygen to support the 
crew after harvest and replanting. We consider failure 
mitigation after further failure analysis. 

FAILURE EFFECT ANALYSIS - Rather than simulating 
more example failures, we systematically review waste 
processor failure effects. We consider the impact of 
waste processor failures on the initial system buffer 
design of Table 3 above. The impact of a waste 
processor failure depends on when during the plant 
growth cycle it occurs and on how Iona it lasts. 

If a waste processor failure occurs during the first 21 days 
of a plant growth cycle, it has no effect. Over this period, 



the plants do not require more carbon dioxide than the 
crew produces. Excess carbon dioxide is first stored and 
later released. No waste processing is needed. 

If a waste processor failure occurs on any day from 22 to 
60, the required waste oxidation can not occur. No waste 
and oxygen are used by the waste processor and no 
carbon dioxide and water are produced. The waste 
buffer remains at its current level. More than half (the 
waste processing share) of the plant-produced oxygen is 
lost, because the oxygen buffer is already full. The 
carbon dioxide and water storages are drawn down to 
support plant growth. 

The effect of the failure depends on how long it lasts. 
Just as the carbon dioxide buffer can go 14 days after a 
waste processor failure before emptying, the oxygen 
buffer has enough oxygen to provide the equivalent of 
14 days waste processing after the waste processor is 
repaired. However, in order to have enough stored 
oxygen for the crew during the next planting, we need to 
retain 2.1 days of the average plant oxygen production. 
A waste processor failure of more than 1 1 days will use 
up too much stored oxygen to replace the carbon 
dioxide when the waste processor is repaired. (Appendix 
- analysis note [8]) 

If the failure lasts 1 1 days or less, the system will retain 
enough stored oxygen to continue operation. After the 
waste processor returns on line, oxidizing the waste 
needed to restore the carbon dioxide storage to its initial 
level, enough oxygen remains to support the crew while 
the plants are small. If the failure lasts more than 1 1 days 
and we restore the carbon dioxide storage to its initial 
level, there will not be sufficient stored oxygen for the 
crew during the next planting. The crew can survive by 
using oxygen in the crew and plant chambers, but this is 
still a serious life support failure. Waste processing 
should not use the oxygen that the crew needs to begin 
the next planting period. 

If the waste processor failure of less than 11 days 
continues through harvest on day 60, a second effect 
occurs in addition to depletion of the oxygen storage. 
Some inedible biomass of the previous harvest was not 
oxidized, so the new harvest causes the inedible buffer 
to overflow. The inedible amount lost corresponds to the 
oxygen lost, since waste and oxygen are the paired 
unused waste processor inputs. The full buffer obviously 
has enough waste to provide carbon dioxide in future 
plant cycles, and there is also just enough to fully 
maintain the carbon dioxide storage. 

If the waste processor failure lasts more than 14 days 
before harvest on day 60, the carbon dioxide buffer 
becomes fully depleted. There is insufficient carbon 
dioxide for plant growth. Since we use the stored carbon 
dioxide only after day 21 , carbon dioxide depletion at 1 4 
days later can occur only after day 35 of the plant growth 
cycle. Only the edible biomass growing after day 35 is 


reduced. The crew supplies 1/2 of the average carbon 
dioxide needed by the plants, and (1/2)*(5/6) = 5/12 of 
the amount needed during peak photosynthesis. The 
daily production of edible material is 5/12 of that 
expected. After the next harvest, the amount of edible 
material in the buffer is reduced. Also, inedible waste is 
lost in a two step process. After 14 days, when the waste 
processor is repaired, there is more waste available than 
we need to oxidize to refill the carbon dioxide buffer. 
Then at the next harvest, the inedible buffer overflows. 
The mass of missing edible biomass has been lost in the 
form of inedible biomass. If the waste processor failure 
was long, both edible and inedible buffers will empty 
during the next planting cycle. In the following cycle, 
plant production will equalize the stored amounts of 
edible and inedible biomass. The amounts of both may 
be inadequate. In general, a material loss will not impair 
performance if the required steady state buffer materials, 
shown in Table 2, can be maintained. 

A subsequent failure will not cause further harm unless it 
has a longer duration than any earlier failure. Suppose 
there is an initial waste processor failure of 11 days 
duration or less. When the waste processor is repaired, 
we refill the carbon dioxide buffer and partly empty the 
oxygen buffer. During any shorter subsequent failure, all 
the unused oxygen can now be stored in the largely 
empty oxygen buffer. The oxygen lost during the first 
failure is temporarily replaced, then used when the waste 
processor becomes operative. After a second shorter 
failure is repaired, the carbon dioxide and oxygen buffers 
return to exactly the same state they had just after the 
first failure. The same is true no matter how often a failure 
of the same or shorter duration is repeated. Additional 
oxygen will be lost only when the second failure is longer 
than the first. In general, a failure has no permanent 
effect if the system buffers return to their previous state. 

SYSTEM REDESIGN 

FAILURE EFFECT MITIGATION - There are two ways to 
reduce the impact of a waste processor failure, by 
redesigning the hardware or by changing the system 
operations, including controls and procedures. The 
failure effects described above are of two general types. 
A buffer may overflow , with the excess material being 
lost. In the above example, the oxygen buffer is 
generally full, and a waste processor failure results in 
plant-produced oxygen being lost. A buffer may empty 
and not provide a required material flow, impacting a 
down-stream processor. In the simulated system, a long 
duration waste processor failure results in the carbon 
dioxide buffer emptying, reducing plant growth. 

Buffer overflows can be prevented by increasing the 
buffer size. If the buffers are large enough to store all the 
system material in any possible form, no buffer overflow 
can occur. Suppose that all buffers in the example 
system are made large. It is possible that, in the absence 


of a crew, the plants could convert all carbon dioxide into 
edible and inedible biomass and oxygen. Without plants, 
the crew and waste processor could convert all the initial 
store of food and waste material into carbon dioxide and 
water. 

Buffer emptying can be prevented by increasing the 
initial amount of stored material. To survive permanent 
failures of the waste processor and plants, the system 
must contain enough food and oxygen to support the 
crew for the entire mission. Then the life support is a 
completely open loop system. 

Increasing the buffer sizes and the initial storage 
amounts can improve failure tolerance, but can also 
significantly increase the system and mission cost. 
Increasing the buffers and stored material must be done 
before the mission during the initial design. 

After the mission is underway, we can react to failures 
only by changing the system operation, perhaps by 
reprogramming automatic control systems. In the above 
example, if a waste processor failure is causing oxygen to 
be lost, we can extend system survival by not allowing 
the oxygen buffer to be emptied after the failure is 
repaired. We can reduce the impact of failure by 
managing the processor operations, material flows, and 
storage levels. This provides low cost failure mitigation, 
but the operational options are limited by the initial 
design configuration. 

REDESIGN OBJECTIVES AND APPROACH - The 
redesign objective is to lengthen the time that the 
system can support the crew after a waste processor 
failure. In normal conditions, the waste processor is 
operated once a day while the plants are at peak 
photosynthesis. We assume that the waste processor 
has some small probability of failure every time it is to be 
operated, and that each day after it fails there is a 
significant probability that it will be repaired. This means 
that longer failures have lower probability. Increasing the 
time the life support system can survive a waste 
processor failure will improve the probability of crew 
survival. 

The performance metric we use is the duration of the 
longest repeated waste processor failure that the system 
can survive. Often shorter repeated failures will have no 
additional impact, as is the case with the initial system 
design above. However, some failure repairs are one- 
time patches, so we also consider the longest single 
failure that the system can survive. 

To optimize a system design, we must consider cost as 
well as benefit. A direct approach to increasing the 
survivable failure duration is to increase the buffers and 
initial storage. This has a significant cost. The cost of the 
initial stored material can be estimated as proportional to 
its total mass in moles. Similarly, the cost of the buffers 
can also be estimated as proportional to the buffer mass, 


which is proportional to the maximum mass they can 
contain. Gas tanks typically have a mass roughly equal to 
the maximum mass they can contain. (BVAD, p. 29) 
Water tanks may have mass of one-fifth their maximum 
water content. We assume the edible and inedible 
biomass (food and waste) is stable and can be stored in 
bulk, so that the biomass storage buffers require a mass 
of only one-tenth their maximum biomass content. Using 
the buffer sizes and initial stocks of Table 3, the cost of 
the initial design system is 24,869 in mole mass units. 
(Appendix - analysis note [9]) 

Redesign 1 : Increasing material buffers and initial stocks - 
We can survive a waste processor failure lasting nearly 
one full plant growth cycle if we increase buffers and 
storage sufficiently. We increase the initial storage to 
include all the carbon dioxide that the waste processor 
would produce over a plant growth cycle and provide 
empty storage for all the oxygen that the waste 
processor would have consumed. This is half the carbon 
dioxide that the plants consume and half the oxygen 
they produce over one plant growth cycle. (Appendix - 
analysis note [10]) This system works well if the waste 
processor is repaired so that the waste buffer can be 
emptied (to restore the carbon dioxide level) before the 
next harvest. If not, the new waste biomass harvest 
overflows its buffer. This can be prevented by adding 
enough empty capacity to store a full inedible harvest. 
Now the system can survive a waste processor failure, 
beginning before the plants reach full canopy (when the 
plants first require carbon dioxide to be produced by 
waste processing), and extending until after the plants 
are harvested. This includes 40 days of planned waste 
processor use and up to another 20 days during initial 
planting when the waste processor is not needed. The 
cost of this system is 41,761 in mole mass units, a 68 
percent increase. Because the carbon dioxide buffer is 
refilled after each waste processor failure and repair, this 
system can survive repeated long duration waste 
processor failures. 

Redesign 2: Controlling oxvoen level - We investigate a 
second redesign. Changing the waste processor control 
can extend failure survival duration several days at no 
cost. We halt operation of the waste processor if the 
stored oxygen is less than twice the amount needed to 
support the crew during initial planting. The system now 
can survive repeated fourteen-day failures of the waste 
processor that empty the carbon dioxide buffer. Longer 
failures can be tolerated, but the lack of stored carbon 
dioxide after the fourteenth day of full canopy plant 
growth (day 35 of the plant cycle in figure 5) reduces the 
production of edible biomass. The crew supplies some 
carbon dioxide to the plants, but if the failure exceeds 
twenty-one days, the harvest plus the excess initial extra 
store of ten days food will run out before the next 
harvest. (Appendix - analysis note [11]) 


Redesign 3: Controlling oxygen level and adding food - 
To extend the system survival, we increase the initial 
excess food storage by the amount lost if the waste 
processor fails throughout the planting cycle. We set the 


total initial food storage to 95 days. (Appendix - analysis 
note [12]) The system behavior is shown in figure 8 
below. 
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Figure 8. Redesign 3 with oxygen use control and added food 


Harvest and replanting occur on day 60. The waste 
processor fails on day 75 and is repaired on day 125, a 
50-day failure duration. The carbon dioxide storage 
empties on day 89 and subsequent edible biomass 
growth is reduced. At the harvest on day 120, the edible 
buffer is only partially refilled, but - because of the higher 
initial amount of food - the food lasts until the next 
harvest on day 180. As the inedible buffer size was not 
increased, waste biomass overflows on day 120 and is 
lost. After the waste processor is repaired on day 125, 
the oxygen is reduced, but not to less than about 800 
moles, and the waste is oxidized and the carbon dioxide 
is increased as far as this allows. The oscillations of the 
carbon dioxide and oxygen levels show the action of the 
waste processor controller. The system with control of 
oxygen use and added food survives a waste processor 
failure lasting throughout an entire plant growth cycle, up 
to 60 days. A 60-day failure beginning at any time can be 
survived. 


The cost of this system is 27,244 in mole mass units, 
only a 10 percent cost increase from the initial system. 
This cost increase is much less than the 66 percent cost 
increase of the redesign 1 above, which used a larger 
initial carbon dioxide store and larger oxygen and waste 
buffers. This system is not as robust as the redesign 1 
because it can not survive a second 60-day failure. The 
first 60-day failure uses all of the added 35 days initial 
food storage. 

Redesign 4: Dynamic redesign - Rather than treating the 
failure symptoms of the initial design, we attempt a direct 
dynamic design. We want the system to survive repeated 
long duration waste processor failures. The critical 
product of the waste processor is the carbon dioxide 
used to support plant growth. We design the waste 
processor controller and the carbon dioxide buffer to 
always store all the carbon dioxide needed for one full 
plant growth cycle. Then as long as the waste processor 
is available for a few days between harvest and when 
stored carbon dioxide is next needed, the system can 
maintain carbon dioxide flow and plant growth. 




At system start-up, we initially supply enough carbon 
dioxide for a full plant growth cycle, allowing for the half 
supplied by crew metabolism. We maintain this level by 
operating the waste processor whenever possible. The 
carbon dioxide buffer must hold this much plus the initial 
extra amount generated by the crew while the plants are 
small. The edible buffer and initial store are reduced to 
the minimum 60 day supply. We make the inedible buffer 
the same size but store no initial waste material, as we 
have the initial carbon dioxide it would produce. We 
supply twice the oxygen that the crew needs during 
initial planting. The oxygen buffer must also be able to 
contain the half of the oxygen that the plants produce 
over a plant growth cycle, which is normally used by the 
waste processor. Appendix - analysis note [1 3]) 

The waste processor must replace the carbon dioxide 
storage between harvest, when inedible biomass 
becomes available, and peak photosynthesis on day 21, 
when stored carbon dioxide is needed. Any failure 
duration of less than 21 days is survivable. The system 
survives repeated 21 -day waste processor failures. The 
cost of this system is 31,641 in mole mass units, a 27 
percent cost increase from the initial system. 


Redesign 5: Extended dynamic redesign -If we want the 
system to survive any 60-day waste processor failure, we 
need to also fill the inedible buffer at start up. Then the 
waste processor continually oxidizes this waste to keep 
the carbon dioxide buffer full. Whenever the waste 
processor fails, we have 60 days carbon dioxide on 
hand. We already have the capacity to store the oxygen 
not used by the waste processor. But if the waste 
processor fails and is not repaired before the next 
harvest, the new waste biomass overflows the buffer. We 
therefor add additional storage capacity for a second 
inedible harvest. This is essentially the same as redesign 
1 above, which increased buffers and storage, with all 
spare buffer capacity and material removed. The cost of 
this system is 37,581 in mole mass units, a 51 percent 
cost increase from the initial system. 

DESIGN COMPARISON 

All the above designs perform perfectly under nominal 
conditions. They respond differently to waste processor 
failures. The number and duration of waste processor 
failures they can survive and their costs in mole mass 
units are compared in Table 4 below. 


Table 4. Performance and cost of the different system designs 


Redesign number 

Survivable 

failure 

duration 

(days) 

Survivable 
number of 
failures 

Cost 

(moles) 

Relative 

cost 

0. Initial system design 

11 

many 

24,869 

1.00 

1. Increase buffers and initial stocks 

60 

many 

41,761 

1.68 

2. Control oxygen level 

14, 21 

many 14 day 
one 21 day 

24,869 

1.00 

3. Control oxygen level and add food 

14, 60 

many 14 day 
one 60 day 

27,344 

1.10 

4. Dynamic redesign 

21 

many 

31,641 

1.27 

5. Extended dynamic redesign 

60 

many 

37,581 

1.51 


Initial design 0. In the initial system design, a waste 
processor failure interrupts the production of carbon 
dioxide and causes the plant-produced oxygen to 
overflow its buffer and be lost. When the waste 
processor is repaired, its controller attempts to restore 
the carbon dioxide buffer level. If the waste processor 
failure has been longer than 1 1 days, insufficient oxygen 
remains to support the crew after the next harvest and 
replanting, when the plants are producing little oxygen. 
After the system survives an initial 1 1 day failure, shorter 
subsequent failures do not cause additional harm, as 
unused oxygen can be stored in a largely empty buffer. 

Redesign 1 - We redesign the system to increase the 
duration of failures it can withstand. We increase the 
buffer sizes and initial storage to provide: 1, all the 


carbon dioxide that the waste processor would produce 
over a plant growth cycle, 2, empty storage for all the 
oxygen that the waste processor would consume, and, 
3, enough empty capacity to store a second full inedible 
harvest. If the waste processor fails on the first day that it 
is required during the plant cycle, there is sufficient 
carbon dioxide in storage to complete the cycle. No harm 
results unless the waste processor is still unavailable 60 
days later, at the same point in the next cycle. The 
improved performance is obtained at a cost that is 66 
percent higher than that of the initial design. 

Redesign 2 - As an alternate redesign, we control the 
minimum oxygen level so there is always enough to 
support the crew after the next planting. The system can 
survive repeated fourteen-day failures. The initial store of 




food was 70 days, 10 more than needed for the start up 
plant cycle. The 10 days use is 7 days production, which 
allows a single failure of 21 days. This change does not 
increase the buffer size, material storage, or system cost 
over the initial design. 

Redesign 3 - We can extend the one-time failure survival 
duration by increasing the initial excess food storage. 
The crew carbon dioxide output and the carbon dioxide 
storage are sufficient to grow the inedible plant structure 
and some of the food, so we need to add only 35 days 
food to the 60 days start up food. If the waste processor 
fails on the first day it is required during the plant cycle, 
the system survives unless the waste processor is still 
unavailable 60 days later, at the same point in the next 
cycle. The cost of this system is only 10 percent more 
than the initial system. 

Redesign 4 - In the dynamic redesign, we initially supply 
enough carbon dioxide for a full plant growth cycle. In 


subsequent plant cycles, the waste processor must 
oxidize the inedible biomass after harvest but before 
stored carbon dioxide is needed, a window of 21 days. 
We also shrink the biomass buffer sizes to 60 days each 
and eliminate the initial stored inedible biomass. This 
system costs 27 percent more than the initial system. 

Redesign 5 - The extended dynamic redesign fills the 
inedible buffer at start up, so the carbon dioxide buffer 
can be continually filled by waste processing. The 
system now survives repeated 60-day failures occurring 
anytime in the plant growth cycle. Redesign 5 is similar to 
redesign 1, except that unnecessary storage capacity 
and material have been removed, reducing the cost 
increase over the initial system to 51 percent. 

Figure 9 below indicates the relative cost versus the 
repeatedly survivable failure duration for the initial design 
and the five redesigns. 
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Figure 9. Relative cost versus survivable failure duration 



The initial design can survive repeated waste processor 
failures of eleven days or less. Redesign 1 survives 
repeated 60-day failures but requires a 68 percent cost 
increase for increased materials and buffer sizes. 
Redesign 2 extends the failure duration of the initial 
design from 11 to 14 days by limiting the oxygen buffer 
use, adding no cost. Redesign 3 adds stored food for a 
10 percent cost increase in order to survive a single 60- 
day failure. Redesign 4 survives repeated 21 -day failures 
at a 27 percent cost increase. Redesign 5 is similar to 
redesign 1 , surviving repeated 60-day failures, but has 
lower 51 percent cost due to minimizing the buffers and 
stocks. 

The cost versus survivability behavior in figure 9 is 
reasonable, showing higher system cost for better failure 
performance. The initial design was not specifically 
intended to survive waste processor failures, but the 
inclusion of contingency reserves of ten days’ materials 
allowed eleven days survival. Simulating and analyzing 
the effects of an extended waste processor failure 
allowed system redesigns to increase failure survival, 
either by increasing buffers and materials (redesign 1) or 
by changing the system operational response (redesign 
improvements in survivability at lower cost increases 
(redesigns 3 and 4). Striping out the unneeded buffer 
capacity and contingency reserves minimizes the cost for 
the specific performance needed (redesigns 4 and 5). 

CONCLUSION 

The design approach followed in the nitrogen leakage 
and bioregenerative system examples is typical of actual 
practice. System designers nearly always start with a 
static steady state design. They add controls to keep the 
system at its static design point if they expect input 
fluctuations or internal variations. They provide some 
reasonable padding and safety factors. At this point, 
systems are sometimes built, tested, and shipped. 
However, systems subject to input fluctuations, 
requirements changes, aging, or failures, systems with 
high costs for buffering and contingency handling, and 
systems with complex internal controls need more. They 
should be modeled, dynamically simulated, and 
designed to cope with plausible departures from the 
nominal steady state. Dynamic simulation and design is 
necessary for systems that must handle internal and 
external changes. 

This point has been made before. 

“Initial design studies for closed life support systems 
concentrate on the equilibrium requirements for 
supporting the crew. These studies give some indication 
of mass and volume requirements by specifying the flows 
that will be necessary through various processors, and 
thus give some indication of the minimum unit size. 
However, the life support system must be capable of 
maintaining vital functions during temporary failures of 
some of its components. Extra storage must be provided, 


processors must have the capability of operating above 
(or below) their equilibrium flows, and total amounts of 
flowing masses in the system must be specified. This 
part of the design can only be done by considering the 
system’s dynamic behavior as none of these parameters 
enter into the static equilibrium calculation.” (Babcock et 
al.) 

System modeling and dynamic simulation is needed to 
study important aspects of advanced life support 
systems, including mass closure, finite storage tank 
sizes, limited processing rates, and response to off- 
nominal events. Failures or storage losses and overflows 
can interfere with the desired steady state operation of 
the closed system. There are several ways to mitigate 
such off-nominal conditions. The rates of the processors 
can be increased, made variable, or made more reliable 
by using parallel or redundant units. The capacities of the 
storage tanks can be increased. More material can be 
added in various forms. The operations strategy and 
control algorithm can be designed to cope with potential 
events. Modeling and simulation can define the cost- 
benefit of these design strategies. 
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APPENDIX - ANALYSIS NOTES 

1. Nitrogen leakage static analysis details - The 
atmosphere for Space Shuttle, Spacelab, International 
Space Station, and many Russian missions is sea-level 
Earth normal. This is 14.7 psi total pressure with about 
21% oxygen and 79% nitrogen. (Reed and Coulter, p. 
105) (Wieland, p. 184) 

The leakage design parameter for the original Space 
Station Freedom was 0.23 kg/element per day. A typical 
laboratory or habitation element had volume of 106 m 3 . 
(Wieland, p. 213.) 106 m 3 of air at 1 atmosphere pressure 
and 25 degrees Centigrade corresponds to about 125 
kg of air per element. The leakage rate is then 0.18% per 
day. If we assume space station will have ten similar 
elements, the total loss is 2.3 kg per day. 


The Space Station Freedom equipment airlock had 
volume of 26 m 3 and the crew airlock had a volume of 7 
m 3 . Each was expected to lose a nominal 1 0% of the air 
for each use, with loss up to 100%. (Wieland, p. 213) 2.6 
mr* of air at one atmosphere pressure and 25 degrees 
Centigrade corresponds to about 3.1 kg of air. The 
equipment airlock was to be cycled about once per 
week, so the equipment airlock air loss is 0.44 kg per 
day. 0.7 m 3 of air at 1 atmosphere pressure and 25 
degrees Centigrade corresponds to about 0.85 kg of air. 
If the crew airlock is cycled about once per day, the crew 
airlock air loss is 0.85 kg per day. 

Adding up the atmosphere losses including the ten 
elements’ leakage, one equipment airlock cycle per 
week, and one crew airlock cycle per day, we have an 
average atmosphere loss of 3.59 kg per day. Of this, 
79% or 2.84 kg is nitrogen. 

To date spacecraft have used stored air or pure nitrogen 
to provide make-up gas. Initial space station designs 
considered cryogenic storage, which has a lower 
packaging factor than pressure tanks, but handling 
difficulties and boil-off losses eliminated this option. The 
early space station will use stored nitrogen and oxygen, 
but later space station will recycle oxygen (Doll and 
Eckart, p. 555) We consider only nitrogen leakage and 
resupply. 

Equating the average nitrogen loss to the resupply rate, 
we must provide 2.84 kg per day. If we have a Space 
Shuttle flight every 90 days, each flight must carry 256 kg 
of nitrogen. If we require a 30 day contingency supply, 
the total nitrogen storage capacity must be 341 kg. 
These calculations are summarized in Table A-1 below. 


Table A-1. Nominal storages and leakage rates. 



Atmosphere 

kg 

Nitrogen, kg 
(79%) 

Ten element capacity 

1,250 

988 

Ten element leakage 

2.3/day 

1 ,82/day 

Equip, airlock leakage 

0.44/day 

0.35/day 

Crew airlock leakage 

0.85/day 

0.67/day 

90 day resupply 

323 

256 

1 20 day storage 

431 

341 


2. We consider staggered planting. The amount of 
buffering within the plant growth cycle can be reduced 
by having several staggered plantings, such as two 
plantings at days 1 and 31 , or three at days 1,21, and 4 1 . 
In the limit, we could have daily harvesting and planting 
and no buffering at all of food, waste, oxygen, carbon 
dioxide, or water. But this is less attractive because of the 
remaining need for initial start up buffering. We still 
require an initial 60-day supply of food and waste for start 





















up. And we require twice as large oxygen, carbon 
dioxide, and water buffers than in the single planting 
case, because of the larger delay in reaching the average 
plant photosynthesis due to continuous planting. We 
require twice the initial amount of oxygen. (The need is 
to buffer 1 7.5 days supplies, since we reach one-half of 
the average photosynthesis only on day 35, not day 

16.7 as for a single planting.) Another difficulty is that 
without automatic harvesting and storage, we can not 
shut down and restart without another 60-day supply of 
food and waste. 

3. We consider how much oxygen and carbon dioxide is 
in the crew and plant chamber atmosphere. We assume 
that the atmosphere is sea-level Earth normal. This is 

14.7 psi total pressure with about 79% nitrogen, 21% 
oxygen, and 0.04% carbon dioxide. (Reed and Coulter, 
p. 105) A typical laboratory or habitation element for the 
original Space Station Freedom had volume of 106 m 3 . 
(Wieland, p. 213.) 106 m 3 is 106,000 liters and contains 
about 4,730 moles of gas. Two habitation elements 
contain 9,460 moles of atmosphere, 1,987 moles of 
oxygen, and only 3.8 moles of carbon dioxide. Referring 
to the use rates in Table 1 , this is 20 days oxygen for the 
crew and 40 minutes carbon dioxide for the plants. If we 
stored one day’s carbon dioxide in two habitats, we 
would have 264 moles in 9,460 moles, or 2.7% carbon 
dioxide. This is too high. (Reed and Coulter, p. 109) 

4. How does the amount of drinking and hygiene water 
compare to the metabolic water? Table A-2 below lists 
the nominal drinking and hygiene water requirements 
estimated for Space Station Freedom. (Wieland, pp. 6, 
230) (Reed and Coulter, p. 125) 

Table A-2: Drinking and hygiene water (kg per 
crewmember per day) 


drinking 

1.62 

shower 

2.73 

dishwash 

5.45 

handwash 

4.09 

urine flush 

0.50 

clothes wash 

12.50 

total 

26.89 


Water has 18 grams per mole, so the daily non-metabolic 
water flow per crewmember is 1 ,494 moles, about 28 
times larger than the 54 moles daily metabolic water flow 
per crewmember. A ten day initial stock of non-metabolic 
water would be 14,940 moles. 


5. How does the amount of plant hydroponics water 
compare to the metabolic water? A wheat hydroponics 
system typically requires 130 grams of water (18 grams 
per mole) for each gram of edible dry biomass (180 grams 
per mole if glucose) produced. (BVAD, p. 38) This 
means that 1 ,300 moles of water are required for each 
mole of edible harvest. Since our edible biomass harvest 
is 5,400 moles, the hydroponics system uses 5,400 
moles edible biomass * 1,300 moles water per mole 
edible biomass = 7,020,000 moles of water. This is a 
permanent storage, not the hydroponics flow, but it 
corresponds to 178 years of plant metabolic water use. 

6. The initial supply of carbon dioxide is ten days’ 
average use, but the crew also provides half of the 
average plant carbon dioxide use. The peak use rate is 
6/5 of the average rate. (10 days average use)/(6/5 
average use - 1/2 average use) = 10/(6/5 - 1/2) = 100/7 = 
14.3 days. The initial storage supplemented by the crew 
production will last 14.3 days during peak 
photosynthesis. 

7. The waste processing restores waste storage to the 
nominal level over two days because the processing rate 
per day is limited. In the simulation, the maximum waste 
processing rate per day is set at the total rate for 1 1 
average days or 9 peak rate days. 

8. The oxygen buffer has enough oxygen to provide the 
equivalent of 14 days waste processing. The reasoning 
is the same as that for the carbon dioxide loss in analysis 
note [6]. The oxygen buffer contains ten days average 
crew and waste processor use. The waste processor and 
the crew each consume half the average oxygen 
production. During peak plant photosynthesis, oxygen is 
produced at 6/5 the average rate. The 6/5 -1/2 that 
would have been used by the waste processor is lost by 
buffer overflow. The initial storage is 10/(6/5 - 1/2) = 14.3 
days peak waste processor oxygen use. However, we 
need to have enough stored oxygen for the crew during 
the next planting. Before day 8.3, the plants do not 
produce enough oxygen for the crew. The net deficit of 
oxygen is half of 8.3 days average crew use. Half of 8.3 
days average crew use is 2.1 days of the average plant 
production. The length of waste processor failure we 
can tolerate is equal to the amount of oxygen we can 
lose divided by the loss rate. (10 - 2. 1 )/(6/5 - 1/2) = 1 1 .3 
days. If the waste processor failure is less than 1 1 days, 
we have enough oxygen, after restoring the initial carbon 
dioxide, to support the crew after harvest and replanting. 

9. The buffer sizes and initial stocks of the initial design 
are given in Table 3 in the main body. The cost of the 
initial design system is computed in mole mass units in 
table A-3 below. 




Table A-3. System cost factors and initial system cost (moles) 



buffer 

size 

initial 

stock 

buffer 

cost 

factors 

stock 

cost 

factors 

buffer 

cost 

stock 

cost 

edible biomass 

6,300 

6,300 

0.1 

1 

630 

6,300 

inedible biomass 

6,300 

6,300 

0.1 

1 

630 

6,300 

oxygen 

1,920 

1,920 

1 

1 

1,920 

1,920 

carbon dioxide 

3,188 

2,640 

1 

1 

3,188 

2,640 

water 

1,304 

1,080 

0.2 

1 

261 

1,080 

subtotals 

19,012 

18,240 



6,629 

18,240 






total cost 

24,869 


10. (Redesign 1) The initial storage of the carbon dioxide 
that the waste processor would produce over a plant 
growth cycle is 1 32 moles/day *60 days = 7,920 moles. 
The additional storage space for the carbon dioxide 
produced by the crew and not used by the plants in the 
20 days after harvest and replanting is 548 moles per 
Table 2. The empty capacity to store a full inedible 
harvest is 5,400 moles more from Table 2. 

11. (Redesign 2) Twice the amount of stored oxygen 
needed to support the crew during initial planting is 398 
moles*2 = 796 moles, using Table 2. How long can a 
waste processor failure last before the excess initial store 
of ten days food runs out before the next harvest? if the 
waste processor fails on or before day 21, the stored 
carbon dioxide runs out after the fourteenth day of full 
canopy plant growth, day 35 of the plant cycle. Each day 
of edible growth with only the crew carbon dioxide, 
produces (1/2)/(6/5) = 5/12 of the maximum edible 
biomass and loses 7/12. Each day of edible growth we 
produce 60/25 of all the edible harvest, so we lose 
(7/12)*(60/25) = 7/5 days worth of food every day we 
have only crew carbon dioxide. We will exhaust our ten 
days food storage, if we have only crew carbon dioxide, 
in 10/(7/5) = 7.1 days. 14 days stored carbon dioxide 
plus 7 days stored food = 21 , so we will be short of food if 
the waste processor failure lasts more than 21 days. 

12. (Redesign 3) How much food is lost if the waste 
processor fails throughout the planting cycle? During the 


edible growth, only the crew supplies carbon dioxide, 
since the waste processor has failed and the stored 
carbon dioxide is exhausted. During the 25 days of 
edible growth, we receive from the crew 25 days *(1/2) = 
12.5 days average daily carbon dioxide use. We require 
30 days average carbon dioxide use over the 25 day 
edible growth period for full edible production. We 
produce (12.5 days use/30 days use)*60 days’ food = 25 
days’ food and so are short 35 days’ food. 60 + 35 = 95 
days’ food. 95 days’ food *90 moles food/day = 8,550 
moles food. 

13. (Redesign 4) The carbon dioxide buffer holds 
enough carbon dioxide for a full plant growth cycle, 
allowing for the half supplied by crew metabolism, plus 
the initial amount generated by the crew while the plants 
are small. This is 1 32 moles/day *60 days + 548 moles 
(Table 2) = 8,468 moles. The minimum 60-day supply of 
edible biomass is 5,400 moles (Table 2). The initial 
oxygen storage is twice the crew need during initial 
planting, 2*398 moles, Table 2. The oxygen buffer 
capacity is larger by the half of the oxygen that the plants 
produce over a plant growth cycle 192 moles/day *60 
days/2 = 5,760 moles. This oxygen is normally used by 
the waste processor and would overflow if the buffer 
were not increased. 




